As Web 2.0 explodes, does IT security implode?

By Jesse McCabe

Social media sparked a revolution in how we communicate. From best friends to business owners, more of us every day are using a social networking site to connect with people. Facebook welcomes 700,000 new members daily, and an estimated 4-5 million people are now reading tweets on Twitter.

And cybercriminals are having a field day exploiting the vulnerabilities social networks have exposed in our Internet security practices.

By and large, Internet security at the network level has recently consisted of on-premises URL filtering mechanisms used by organizations to enforce company Internet use policies and improve employee productivity. These solutions also offered protection by blocking access to sites classified as containing malware. For a while, this approach appeared to work.

Enter today’s socially-networked, real-time content-sharing environment. Sixty-two percent of employers allow access to social networking sites, Gartner says, and IT admins are playing catch-up on threats like Koobface. While blocking access to social networks might be a realistic option for some organizations, what about other Web security threats like drive-by downloads, phishing and pharming attacks, and access to proxy bypass sites?

Research shows 6,000 Web pages are infected every day. Four out of five of them belong to otherwise inoffensive Web sites that have been hacked. URL filtering alone will not protect against malware infiltrating from compromised sites classified as legitimate. Protection from the ever-growing mass of Web threats can only come from a combination of inbound and outbound malware scanning, anti-phishing protection and simple enforcement of Internet security policies.